tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

1.8MB
MD5

d5b2e9398bf952182d724be6d33ca1cd
SHA1

cafad2381629f5a1a222765d0be099df755d3014
SHA256

6f55dc578214c97c800d3a12e02e38230a001bf5635a4226f7767823e2f78cae
SHA512

ce6b24aba951968d3a966cfc9225d4c57dcfdc7d4d5d7d6db14113b0168e683e4d9bf2660165fc1025b555378f93a523703590f524e711f4d45cb74c8a3c3804
SSDEEP

49152:l0/oy0F/EKKd9ldVtn9+XYGJxduYr6r3e+e:lw7C/dKo3dlWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x64

c2f358231d40319925186eba82b15737

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSizeEx
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemInfo
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetLocaleInfoW
LCMapStringW
GetCPInfo
EncodePointer
FlushFileBuffers
SwitchToThread
Sleep
WaitForSingleObjectEx
TryEnterCriticalSection
RtlPcToFileHeader
DecodePointer
SetFilePointerEx
SetEndOfFile
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetStringTypeW
FormatMessageA
TlsSetValue
TlsGetValue
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
SleepEx
QueueUserAPC
TerminateThread
PeekNamedPipe
FindNextChangeNotification
FindFirstChangeNotificationW
GetProcessId
GetDateFormatA
GetTickCount
GetVersionExW
OpenEventW
OpenFileMappingW
CreateProcessW
SetHandleInformation
CreatePipe
FindResourceExW
CompareFileTime
DuplicateHandle
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetStdHandle
GetFileType
ReadFile
WriteFile
InitializeCriticalSection
GlobalLock
GlobalUnlock
GlobalAlloc
HeapDestroy
TlsFree
TlsAlloc
PostQueuedCompletionStatus
lstrcpynW
lstrcpyW
GetCurrentProcessId
VirtualQuery
FormatMessageW
LocalFree
WideCharToMultiByte
LoadLibraryW
TerminateProcess
lstrcmpW
GetDateFormatW
LockResource
GetTimeFormatW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetExitCodeThread
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
OutputDebugStringA
OutputDebugStringW
GetProcAddress
GetExitCodeProcess
GetCommandLineW
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
WaitForMultipleObjects
WaitForSingleObject
CreateMutexW
SetEvent
CreateEventW
OpenProcess
CreateFileMappingW
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FindCloseChangeNotification
CloseHandle
LocalAlloc
GetProcessTimes
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
HeapSize
MulDiv
RaiseException
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
GetCurrentThreadId
InitializeCriticalSectionEx
lstrcmpiW
lstrlenW
CompareStringW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
AreFileApisANSI
RtlUnwind

user32

SetClipboardData
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
GetDlgItem
SetDlgItemTextW
EndDialog
GetWindowPlacement
MessageBoxA
SendMessageW
SetWindowLongPtrW
CharNextW
IsWindow
OffsetRect
DrawTextW
ReleaseDC
GetDC
GetWindowTextW
GetWindowTextLengthW
CreateWindowExW
SystemParametersInfoW
IsChild
GetWindowThreadProcessId
GetMenuItemID
CharLowerW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
ModifyMenuW
WindowFromPoint
IsWindowEnabled
DrawFocusRect
TrackMouseEvent
FrameRect
CreatePopupMenu
RemoveMenu
GetDoubleClickTime
DestroyCursor
GetClassLongPtrW
CopyRect
LoadBitmapW
AppendMenuW
TrackPopupMenuEx
GetFocus
FillRect
DrawEdge
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetMessagePos
RegisterWindowMessageW
GetCursorPos
IntersectRect
GetSysColorBrush
GetSysColor
GetWindowDC
TranslateAcceleratorW
GetMenuItemCount
IsMenu
PostQuitMessage
LoadStringA
PtInRect
BringWindowToTop
GetSystemMenu
SetForegroundWindow
EnableMenuItem
SetMenu
GetMenu
SetMenuDefaultItem
GetMenuItemInfoW
LoadCursorW
CheckMenuRadioItem
EqualRect
SetRectEmpty
InflateRect
DrawFrameControl
GetDlgCtrlID
GetCapture
SetWindowTextW
PostMessageW
GetSubMenu
DialogBoxParamW
CloseClipboard
SetMenuItemInfoW
EmptyClipboard
OpenClipboard
MessageBeep
KillTimer
SetTimer
GetScrollPos
MonitorFromPoint
TrackPopupMenu
ClientToScreen
DestroyMenu
SetCursor
GetKeyState
DrawIconEx
SetCapture
EndPaint
BeginPaint
ReleaseCapture
SetFocus
CallWindowProcW
GetWindowLongPtrW
DestroyIcon
GetDlgItemInt
EnableWindow
SetDlgItemInt
IsDialogMessageW
RedrawWindow
CreateDialogParamW
MessageBoxW
SetDlgItemTextA
GetActiveWindow
MoveWindow
ScreenToClient
IsWindowVisible
LoadImageW
LoadAcceleratorsW
LoadMenuW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetSystemMetrics
ShowWindow
DefWindowProcW
GetClassInfoExW
RegisterClassExW
UpdateWindow
InvalidateRect
DestroyWindow
UnregisterClassW
GetClassNameW
SetWindowLongW

gdi32

SetBrushOrgEx
Polyline
Polygon
SelectClipRgn
IntersectClipRect
GetCurrentObject
CreateDIBSection
PatBlt
CreateBitmap
CreatePatternBrush
GetClipRgn
CreateRectRgn
CreateSolidBrush
SetWindowOrgEx
GetDeviceCaps
RestoreDC
SaveDC
DPtoLP
LPtoDP
SetTextColor
SetBkMode
SetViewportOrgEx
GetTextExtentPoint32W
GetClipBox
MoveToEx
SetTextAlign
LineTo
GetTextMetricsW
GetTextExtentExPointW
ExtTextOutW
CreatePen
SetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
DeleteObject
GetObjectW
CreateFontIndirectW
DeleteDC
SelectObject

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegCreateKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityInfo
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueW

shell32

CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
DragQueryFileW

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
DoDragDrop
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen

ws2_32

getsockopt
connect
freeaddrinfo
WSAGetOverlappedResult
htons
bind
ntohs
WSASetLastError
WSACleanup
WSAStartup
htonl
WSARecvFrom
getaddrinfo
WSAGetLastError
setsockopt
WSASocketW
WSASend
WSARecv
select
ioctlsocket
inet_ntoa
closesocket

shlwapi

SHAutoComplete

comctl32

ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Draw
ImageList_DrawIndirect
InitCommonControlsEx
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Create
ImageList_LoadImageW
ImageList_Destroy
ImageList_EndDrag

uxtheme

IsAppThemed
IsThemeActive

psapi

GetProcessImageFileNameW
GetProcessMemoryInfo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2f358231d40319925186eba82b15737

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

comctl32

uxtheme

psapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 61KB - Virtual size: 70KB

.pdata Size: 59KB - Virtual size: 59KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 61KB - Virtual size: 70KB

.pdata
Size: 59KB - Virtual size: 59KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 10KB - Virtual size: 10KB